hacktricks/network-services-pentesting/3702-udp-pentesting-ws-discovery.md
2024-05-05 17:56:05 +00:00

49 lines
3.7 KiB
Markdown

# 3702/UDP - Pentesting WS-Discovery
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
## Basic Information
The **Web Services Dynamic Discovery Protocol (WS-Discovery)** is identified as a protocol designed for the discovery of services within a local network through multicast. It facilitates the interaction between **Target Services** and **Clients**. Target Services are endpoints available for discovery, while Clients are the ones actively searching for these services. Communication is established using **SOAP queries over UDP**, directed to the multicast address **239.255.255.250** and UDP port **3702**.
Upon joining a network, a Target Service announces its presence by broadcasting a **multicast Hello**. It remains open to receiving **multicast Probes** from Clients that are on the lookout for services by Type, an identifier unique to the endpoint (e.g., **NetworkVideoTransmitter** for an IP camera). In response to a matching Probe, a Target Service may send a **unicast Probe Match**. Similarly, a Target Service could receive a **multicast Resolve** aimed at identifying a service by name, to which it may reply with a **unicast Resolve Match** if it is the intended target. In the event of leaving the network, a Target Service attempts to broadcast a **multicast Bye**, signaling its departure.
![](<../.gitbook/assets/image (689).png>)
**Default port**: 3702
```
PORT STATE SERVICE
3702/udp open|filtered unknown
| wsdd-discover:
| Devices
| Message id: 39a2b7f2-fdbd-690c-c7c9-deadbeefceb3
| Address: http://10.0.200.116:50000
|_ Type: Device wprt:PrintDeviceType
```
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>